%0 Journal Article %1 mjs:Lancini:SocAuth %A Lancini, Marco %D 2014 %K 2fa ds15 mjsarticle two-factor_authentication %N 2 %P 476-492 %T Social Authentication %U http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_032_Lancini_SocialAuthentication.pdf %V 8 %X High-value services have introduced two-factor authentication to prevent adversaries from compromising accounts using stolen credentials. Facebook has recently released a two-factor authentication mechanism, referred to as Social Authentication (SA). We designed and implemented an automated system able to break the SA, to demonstrate the feasibility of carrying out large-scale attacks against social authentication with minimal effort on behalf of an attacker. We then revisited the SA concept and propose reSA, a two-factor authentication scheme that can be easily solved by humans but is robust against face-recognition software. This article appears in the special edition „In Depth Security – Proceedings of the DeepSec Conferences“. Edited by Stefan Schumacher and René Pfeiffer

@article{mjs:Lancini:SocAuth, abstract = {High-value services have introduced two-factor authentication to prevent adversaries from compromising accounts using stolen credentials. Facebook has recently released a two-factor authentication mechanism, referred to as Social Authentication (SA). We designed and implemented an automated system able to break the SA, to demonstrate the feasibility of carrying out large-scale attacks against social authentication with minimal effort on behalf of an attacker. We then revisited the SA concept and propose reSA, a two-factor authentication scheme that can be easily solved by humans but is robust against face-recognition software. This article appears in the special edition „In Depth Security – Proceedings of the DeepSec Conferences“. Edited by Stefan Schumacher and René Pfeiffer}, added-at = {2021-09-19T18:42:17.000+0200}, author = {Lancini, Marco}, biburl = {https://www.bibsonomy.org/bibtex/26e7870c4919cbaeb4131eb2ecf88b918/steschum}, interhash = {b498f1c845707a7c5d89a7dbe245ebe1}, intrahash = {6e7870c4919cbaeb4131eb2ecf88b918}, issn = {2192-4260}, journaltitle = {Magdeburger Journal zur Sicherheitsforschung}, keywords = {2fa ds15 mjsarticle two-factor_authentication}, number = 2, pages = {476-492}, subtitle = {Vulnerabilities, Mitigations, and Redesign}, timestamp = {2021-10-22T17:15:30.000+0200}, title = {Social Authentication}, url = {http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_032_Lancini_SocialAuthentication.pdf}, urldate = {2014-11-13}, volume = 8, year = 2014 }